Campaign tool supplied to UK’s governing party by Trump-Pence app dev quietly taken out of service — thanks to GDPR

An app that the UK’s governing party launched last year — for Conservative Party activists to gamify, ‘socialize’ and co-ordinate their campaigning activity — has been quietly pulled from app stores.

Its vanishing was flagged to us earlier today, by Twitter user Sarah Parks, who noticed that, when loaded, the Campaigner app now displays a message informing users the supplier is “no longer supporting clients based in Europe”.

“So we’re taking this opportunity to refresh our campaigning app,” it adds. “We will be back with a new and improved app early next year – well in time for the local elections.”

(Bad luck, then, should there end up being another very snap, Brexit-induced UK General Election in the meanwhile, as some have suggested may yet come to pass. But I digress… )

The supplier of the Conservative Campaigner app is — or was — a US-based add developer called uCampaign, which had also built branded apps for Trump-Pence 2016; the Republican National Committee; and the UK’s Vote Leave Brexit campaign, to name a few of the political campaigns it has counted as customers.

Here’s a few more: The (pro-gun) National Rife Association and the (anti-abortion) SBA List.

We know the name of the Conservative Campaigner app’s supplier because this summer we raised privacy concerns about the app — on account of its use of uCampaign’s boilerplate privacy policy, if you clicked to read the app’s privacy policy earlier this year.

The wording of uCampaign’s privacy policy suggested the Conservative Campaigner app could be harvesting users’ mobile phone contacts — if they chose to sync their contacts book with it.

The privacy policy for the app was subsequently changed to point to the Conservative Party’s own privacy policy — with the change of privacy policy taking place just before a tough new EU-wide data protection framework, GDPR, came into force on May 25 this year.

Prior to May 23, the privacy policy of the Conservatives’ digital campaigning app suggests it was harvesting contacts data from users — and potentially sharing non-users’ personal information with entities of uCampaign’s choosing (given, for example, the company’s privacy policy gave itself the right to “share your Personal Information with other organizations, groups, causes, campaigns, political organizations, and our clients that we believe have similar viewpoints, principles or objectives as us”).

This sort of consentless scraping of large amounts of networked personal data — by sucking up information on users’ friend groups and other personal connections — has of course had a massive spotlight thrown on it this year, as a result of the Facebook Cambridge Analytica data misuse scandal in which the personal data of tens of millions of Facebook users was extracted from the social network via a quiz app that used a (now defunct) Facebook friends API to grab data on non-users who would not have even had the chance to agree to the app’s terms.

Safe to say, this modus operandi wasn’t cool then — and it’s certainly not cool now.

Politicians all over the globe have been shaken awake by the Cambridge Analytica scandal, and are now raising all sorts of concerns about how data and digital tools are being used (and or misused and abused).

In the UK, a committee that’s been probing the impact of social media-accelerated disinformation on democratic processes published a report this summer calling for a levy on social media to defend democracy. Its lengthy preliminary report also suggested urgent amendments to domestic electoral law to reflect the use of digital technologies for political campaigning.

Though the UK’s Conservative minority government — the party behind the now on-pause Conservative Campaigner app — apparently disagrees on the need for speed, declining in its response last week to accept most of the committee’s laundry list of recommended changes.

Meanwhile, the DCMS committee’s inquiry into political campaigns’ use (and misuse) of personal data continues — now at a transnational level.

An ethical pause?

Shortly after we published our privacy concerns about the Conservative Campaigner app, the UK’s data protection watchdog issued its own a lengthy report detailing extensive concerns about how UK political parties were misusing personal data — and calling for an ethical pause on the use of microtargeting for election campaigning purposes.

Which does rather beg the question whether the Conservative Campaigner app going AWOL now, until a reboot under a new supplier (presumably) next year, might not represent just such an ‘ethical pause’.

The app is, after all, only just over a year old.

We asked the Conservative Party a number of questions about the Campaigner app via email — after a press office spokeswoman declined to discuss the matter on the telephone.

Five hours later it emailed the following brief statement, attributed to a Conservative spokesperson:

We work with a number of different suppliers and all Conservative party campaigning is compliant with the relevant data protection legislation including GDPR.

The spokesperson did not engage with the substance of the vast majority of our concerns — such as those relating to the app’s handling of people’s data and the legal bases for any transfers of UK voter data to the US.

Instead the spokesperson reiterated the in-app notification which claims “the supplier” is no longer supporting clients based in Europe.

They also said the party is currently reviewing its campaigning tools, without providing any further detail.

We’ve included our full list of questions at the bottom of this post.

We’ve also reached out to the ICO to ask if it had any concerns related to how the Conservative Campaigner app was handling people’s data.

Similarly, the former deputy director & head of digital strategy for the Conservative party, Anthony Hind, declined to engage with the same data protection concerns when we raised them with him directly, back in July.

According to his LinkedIn profile he’s since moved on from the Conservatives to head up social media for the Confederation of British Industry.

For this report we also reached out to uCampaign’s founder and CEO, Thomas Peters, to ask for confirmation on the company’s situation vis-a-vis European clients.

At the time of writing Peters had not responded to our emails. We’ll update this story with any uCampaign response. Update: The uCampaign founder has now confirmed the company is no longer the developer of the Conservative Campaigner app. He also claimed: “All of our Campaigner data was housed in the UK, and our EU clients’ data was also housed in the EU. All clients own all rights to their users’ data and we have no right to share it among any other of our clients. That has been true throughout our operations in the EU.”

The company’s website still includes the UK Conservative Party listed as a client — though the language used on the webpage does not make it explicit whether or not the party is a current client…

Another graphic on the same page plots the UK flag on a world map depicting what uCampaign dubs its “global platform”, where it’s marked along with several other European flags — including Ireland, France, Germany and Malta, suggesting uCampaign has — or had — multiple European clients.

Peters also suggested uCampaign is suspending all its European activity for now, as new data protection rules bed down, telling TechCrunch: “At this point, we are choosing to focus our business expansion in other areas of the world without GDPR-style regulatory regimes. We may revisit this decision in the future when the GDPR regulations are more codified and clear.”

“Our focus on the US midterms has kept our team very busy and thus our website is a bit out of date. We’ll be updating it next week,” he added.

Here’s the full list of questions we put to the Conservatives about their campaigner app. To our eye it has answered just one of them:

Can you confirm — on the record — the reasons for the app being pulled?

Does the Conservative Party intend to continue working with uCampaign for the new campaign app that will relaunch next year? Or does the party have a new supplier?

If the latter, where is the new supplier based? In the UK or in the US?

Did the Conservative Party have any concerns at all related to using uCampaigner as a supplier? (Given, for example, concerns flagged about its data privacy practices by one of the DCMS committee’s recent reports — following an inquiry investigating digital campaigning.)

If the Conservative Party was aware of data privacy concerns pertaining to uCampaign’s practices can you confirm when the party became aware of such concerns?

Was the party aware that the privacy policy it used for the app prior to May 23, 2018 was uCampaign’s own privacy policy?

This privacy policy stated that the app could harvest data from users’ mobile phone contacts and share that data with unknown third parties of the developer’s choosing — including other political campaigns. Is the Conservative Party comfortable with having its supporters’ data shared with other political campaigns?

What due diligence did the Conservative Party carry out before it selected uCampaign as its app supplier?

After signing up the supplier, did the Conservative Party carry out a privacy impact assessment related to how the app operates?

Please confirm all the data points that the app was collecting from users, and what each of those data points was being used for

Where was app user data being processed? In the US, where uCampaign is based, or in the UK where potential voters live?

If the US, what was the legal basis for any transfer of data from UK users to the US?

Is the Conservative Party confident its use of the campaigner app did not breach UK data protection law?

Earlier this year the former Cabinet Minister Dominic Grieve suggested that the bosses of tech giants involved in the Cambridge Analytica data misuse scandal should be jailed for their part in abusing online data for political and financial gain. Does the Conservative Party support Grieve’s position on online data abuse?

Has anyone been sacked or sanctioned for their part in procuring uCampaign as the app supplier — and/or overseeing the operation of the Conservative Campaigner app itself?

Will the Conservative Party commit to notifying all individuals whose data was shared with uCampaign without their explicit consent?

Can the Conservative Party confirm how many individuals had their personal data shared with uCampaign?

Has the Information Commissioner’s Office raised any concerns with the Conservative Party about the Campaigner app?

Has the Conservative Party itself reported any concerns about the app/uCampaign to the ICO?